The honey trap was a Cold War classic. A glamorous woman would approach a gentleman of interest and, through flattery and charm, harvest as much information as possible – including some very specific intelligence. Today’s modern world merely sees the trap move online. Plus ca change…
It has long been established that the Internet is a place where very little can be real. Not just in terms of ‘fake news’, but fake people in general. For instance – a full 270m accounts on Facebook, 3% of the total, belong to people who do not exist. Sometimes this does not really matter – the pages are set up as a ‘joke’. Sometimes the accounts are used for troubling purposes – eg, stalking. And sometimes they are used in direct espionage.
LinkedIn in particular has been in the news recently after the German intelligence service, BfV, alleged that the Chinese government was using fake site profiles to lure and entice specifically chosen German individuals – notably politicians and government officials among them. Not immediately, but once a connection and relationship was established – who knows what could have happened? This is the exact principle of the honey trap, although updated appropriately for the digital age. It is to be expected that the teams behind these profiles (given that the photographs are outrightly stolen from other profiles, the histories are fabricated and the individuals themselves do not exist) would have ultimately attempted to recruit the German citizens or ask them to do something which would ultimately aid a foreign power.
The four principles of espionage used to be MICE: Money, Ideology, Compromise, Ego. These were the four ways by which someone could be turned. They may have been stuck with massive debt… they hated the system they were a part of… they had an embarrassing secret which they did not revealed… they were swayed by the beautiful woman who was talking to them. In the modern era it might serve us to add a fifth: Opportunity. Many within the corporate or political worlds will look for any edge that can place them above the competition. This may be just Linking with someone to improve a network ‘just in case’, or it can be to seriously consider what they are offering. The problem is, what they are offering may be a one-way ticket to unwitting espionage.
The problem is – as with the honey trap who convinces you, yes you, that you’re the most fascinating person in the world to her, and what do you do and can you show me what you’re working on sometime – these fake profiles (or other Opportunities) are tooled to precision to be as appealing as possible, and this is what makes them so successful. Sometimes they will be tailored and launched against just one person, having first conducted a thorough assessment (including through social media) of what that particular person is most likely to respond to. Sometimes they are content to see who they can snare first, and then build up the trust from there. From that point, the Non-Official Cover (NOC) staff stationed in-country will be able to step in, often to the point where the victim still remains unaware that he/she is getting into very deep water.
Beijing is not alone in this tactic (the Fancy Bears group out of Russia springs to mind) but it is certainly one of the most prominent in using the lure of Opportunity for the great game of espionage. It is also, of course, just as applicable to the world of business. Industrial espionage has to start somewhere, after all.
KCS can attest to ‘the power of the profile’. Clients have at times, been taken in by these fake pages and have gone on to lose significant amounts through an extended program of social engineering and honey-trapping. On other occasions, the ease with which these work is proven through the conducting of assorted assignments to test and assess just how much a given organisation is susceptible to the modern-day traps.
Always take great care to research and verify just who you may be talking to, and do not feel the need to engage simply because you’re being asked to. After all, Facebook Walls have ears…